Hacktivists dominate 2011 data thefts, report says

The vast majority of data breaches analyzed in the latest annual report from Verizon were unsophisticated and easily avoidable, and most were carried out against targets of opportunity.

This corresponds with the increase in the amount of hacktivism in 2011, which accounted for a small percentage of total attacks but a whopping 58 percent of the 174 million records compromised in data breaches investigated last year, said Chris Novak, managing principal in Verizon’s RISK Intelligence Team.

He said that although hacktivism is not new, the surge in activity last year — including many attacks on government websites — represents a major shift in motivation away from financial gain to ideology.

Although 97 percent of breaches in the study were classified as “avoidable through simple or intermediate controls,” Novak said he does not expect the problem to be solved any time soon.

“I think you’re going to continue to see this trend as more data becomes digitized and comes online,” he said. “There are still a lot of organizations that are just getting their feet wet” and have not yet adopted basic security practices.

The Verizon 2012 Data Breach Investigation Report analyzes 855 incidents that were investigated last year by Verizon, the U.S. Secret Service and agencies in the Netherlands, Australia, Ireland and England. Although the number is relatively small, Novak said the results are representative of what is happening in cybersecurity.

All of the incidents included in the report were analyzed using the Verizon Information-Sharing framework (VerIS), an in-house tool for collecting and reporting information about security incidents that the company released in 2010 to help standardize reporting. Use of the standard framework allows data to be meaningfully compared year to year and between organizations.

Last year’s report showed a dramatic drop in the number of records compromised by data breaches, from 143 million in 2009 to about 3.8 million in 2010. That appears to have been the result of thieves using more targeted attacks to steal high-value information. That trend was reversed in 2011 as groups such as Anonymous and LulzSec stepped up ideological attacks intended to expose as much data as possible and embarrass targets.

The disproportionate amount of information exposed in hacktivist attacks should not mask the fact that financial or personal gain remained the dominant motive identified for breaches, at 96 percent, with disagreement or protest identified as the motive for only 3 percent.

Personally identifiable information is the primary target in any type of breach, accounting for 95 percent of records lost in 2011 compared with only 1 percent in 2010. But the theft of intellectual property also continued last year.

“Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property,” the report said. While credit card and other personal information often is stolen in bulk, intellectual property often is stolen in a single record, no less damaging although it results in a far smaller percentage of incidents.

Novak said there is no significant difference between government organizations and the rest of the sectors included in the study. “I think government matches well with the rest of the data set,” he said.

The report offers a short list of basic recommendations for improving security:

Eliminate unnecessary data; keep tabs on what’s left.

Ensure that essential controls are met and regularly check that they remain so.

Monitor and mine event logs.

Evaluate your threat landscape to prioritize your treatment strategy.

Eliminate or mitigate common threats.

Despite the continued failure to correct common, easily exploited problems, Novak said there is a growing awareness of security issues and the need to practice good security.

“I personally think that folks are doing better,” he said. The problem is that the pool of potential targets is growing faster than the knowledge of best practices.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.